1 files changed, 642 insertions, 0 deletions
diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c
new file mode 100644
index 00000000000..a101cad6a8d
--- /dev/null
+++ b/drivers/usb/wusbcore/security.c
@@ -0,0 +1,642 @@
+/*
+ * Wireless USB Host Controller
+ * Security support: encryption enablement, etc
+ *
+ * Copyright (C) 2006 Intel Corporation
+ * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version
+ * 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ *
+ * FIXME: docs
+ */
+#include <linux/types.h>
+#include <linux/usb/ch9.h>
+#include <linux/random.h>
+#include "wusbhc.h"
+/*
+ * DEBUG & SECURITY WARNING!!!!
+ *
+ * If you enable this past 1, the debug code will weaken the
+ * cryptographic safety of the system (on purpose, for debugging).
+ *
+ * Weaken means:
+ *   we print secret keys and intermediate values all the way,
+ */
+#undef D_LOCAL
+#define D_LOCAL 2
+#include <linux/uwb/debug.h>
+static void wusbhc_set_gtk_callback(struct urb *urb);
+static void wusbhc_gtk_rekey_done_work(struct work_struct *work);
+int wusbhc_sec_create(struct wusbhc *wusbhc)
+{
+        wusbhc->gtk.descr.bLength = sizeof(wusbhc->gtk.descr) + sizeof(wusbhc->gtk.data);
+        wusbhc->gtk.descr.bDescriptorType = USB_DT_KEY;
+        wusbhc->gtk.descr.bReserved = 0;
+        wusbhc->gtk_index = wusb_key_index(0, WUSB_KEY_INDEX_TYPE_GTK,
+                                           WUSB_KEY_INDEX_ORIGINATOR_HOST);
+        INIT_WORK(&wusbhc->gtk_rekey_done_work, wusbhc_gtk_rekey_done_work);
+        return 0;
+}
+/* Called when the HC is destroyed */
+void wusbhc_sec_destroy(struct wusbhc *wusbhc)
+{
+}
+/**
+ * wusbhc_next_tkid - generate a new, currently unused, TKID
+ * @wusbhc:   the WUSB host controller
+ * @wusb_dev: the device whose PTK the TKID is for
+ *            (or NULL for a TKID for a GTK)
+ *
+ * The generated TKID consist of two parts: the device's authenicated
+ * address (or 0 or a GTK); and an incrementing number.  This ensures
+ * that TKIDs cannot be shared between devices and by the time the
+ * incrementing number wraps around the older TKIDs will no longer be
+ * in use (a maximum of two keys may be active at any one time).
+ */
+static u32 wusbhc_next_tkid(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
+{
+        u32 *tkid;
+        u32 addr;
+        if (wusb_dev == NULL) {
+                tkid = &wusbhc->gtk_tkid;
+                addr = 0;
+        } else {
+                tkid = &wusb_port_by_idx(wusbhc, wusb_dev->port_idx)->ptk_tkid;
+                addr = wusb_dev->addr & 0x7f;
+        }
+        *tkid = (addr << 8) | ((*tkid + 1) & 0xff);
+        return *tkid;
+}
+static void wusbhc_generate_gtk(struct wusbhc *wusbhc)
+{
+        const size_t key_size = sizeof(wusbhc->gtk.data);
+        u32 tkid;
+        tkid = wusbhc_next_tkid(wusbhc, NULL);
+        wusbhc->gtk.descr.tTKID[0] = (tkid >>  0) & 0xff;
+        wusbhc->gtk.descr.tTKID[1] = (tkid >>  8) & 0xff;
+        wusbhc->gtk.descr.tTKID[2] = (tkid >> 16) & 0xff;
+        get_random_bytes(wusbhc->gtk.descr.bKeyData, key_size);
+}
+/**
+ * wusbhc_sec_start - start the security management process
+ * @wusbhc: the WUSB host controller
+ *
+ * Generate and set an initial GTK on the host controller.
+ *
+ * Called when the HC is started.
+ */
+int wusbhc_sec_start(struct wusbhc *wusbhc)
+{
+        const size_t key_size = sizeof(wusbhc->gtk.data);
+        int result;
+        wusbhc_generate_gtk(wusbhc);
+        result = wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid,
+                                 &wusbhc->gtk.descr.bKeyData, key_size);
+        if (result < 0)
+                dev_err(wusbhc->dev, "cannot set GTK for the host: %d\n",
+                        result);
+        return result;
+}
+/**
+ * wusbhc_sec_stop - stop the security management process
+ * @wusbhc: the WUSB host controller
+ *
+ * Wait for any pending GTK rekeys to stop.
+ */
+void wusbhc_sec_stop(struct wusbhc *wusbhc)
+{
+        cancel_work_sync(&wusbhc->gtk_rekey_done_work);
+}
+/** @returns encryption type name */
+const char *wusb_et_name(u8 x)
+{
+        switch (x) {
+        case USB_ENC_TYPE_UNSECURE:     return "unsecure";
+        case USB_ENC_TYPE_WIRED:        return "wired";
+        case USB_ENC_TYPE_CCM_1:        return "CCM-1";
+        case USB_ENC_TYPE_RSA_1:        return "RSA-1";
+        default:                        return "unknown";
+        }
+}
+EXPORT_SYMBOL_GPL(wusb_et_name);
+/*
+ * Set the device encryption method
+ *
+ * We tell the device which encryption method to use; we do this when
+ * setting up the device's security.
+ */
+static int wusb_dev_set_encryption(struct usb_device *usb_dev, int value)
+{
+        int result;
+        struct device *dev = &usb_dev->dev;
+        struct wusb_dev *wusb_dev = usb_dev->wusb_dev;
+        if (value) {
+                value = wusb_dev->ccm1_etd.bEncryptionValue;
+        } else {
+                /* FIXME: should be wusb_dev->etd[UNSECURE].bEncryptionValue */
+                value = 0;
+        }
+        /* Set device's */
+        result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
+                        USB_REQ_SET_ENCRYPTION,
+                        USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                        value, 0, NULL, 0, 1000 /* FIXME: arbitrary */);
+        if (result < 0)
+                dev_err(dev, "Can't set device's WUSB encryption to "
+                        "%s (value %d): %d\n",
+                        wusb_et_name(wusb_dev->ccm1_etd.bEncryptionType),
+                        wusb_dev->ccm1_etd.bEncryptionValue,  result);
+        return result;
+}
+/*
+ * Set the GTK to be used by a device.
+ *
+ * The device must be authenticated.
+ */
+static int wusb_dev_set_gtk(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
+{
+        struct usb_device *usb_dev = wusb_dev->usb_dev;
+        return usb_control_msg(
+                usb_dev, usb_sndctrlpipe(usb_dev, 0),
+                USB_REQ_SET_DESCRIPTOR,
+                USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                USB_DT_KEY << 8 | wusbhc->gtk_index, 0,
+                &wusbhc->gtk.descr, wusbhc->gtk.descr.bLength,
+                1000);
+}
+/* FIXME: prototype for adding security */
+int wusb_dev_sec_add(struct wusbhc *wusbhc,
+                     struct usb_device *usb_dev, struct wusb_dev *wusb_dev)
+{
+        int result, bytes, secd_size;
+        struct device *dev = &usb_dev->dev;
+        struct usb_security_descriptor secd;
+        const struct usb_encryption_descriptor *etd, *ccm1_etd = NULL;
+        void *secd_buf;
+        const void *itr, *top;
+        char buf[64];
+        d_fnstart(3, dev, "(usb_dev %p, wusb_dev %p)\n", usb_dev, wusb_dev);
+        result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
+                                    0, &secd, sizeof(secd));
+        if (result < sizeof(secd)) {
+                dev_err(dev, "Can't read security descriptor or "
+                        "not enough data: %d\n", result);
+                goto error_secd;
+        }
+        secd_size = le16_to_cpu(secd.wTotalLength);
+        d_printf(5, dev, "got %d bytes of sec descriptor, total is %d\n",
+                 result, secd_size);
+        secd_buf = kmalloc(secd_size, GFP_KERNEL);
+        if (secd_buf == NULL) {
+                dev_err(dev, "Can't allocate space for security descriptors\n");
+                goto error_secd_alloc;
+        }
+        result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
+                                    0, secd_buf, secd_size);
+        if (result < secd_size) {
+                dev_err(dev, "Can't read security descriptor or "
+                        "not enough data: %d\n", result);
+                goto error_secd_all;
+        }
+        d_printf(5, dev, "got %d bytes of sec descriptors\n", result);
+        bytes = 0;
+        itr = secd_buf + sizeof(secd);
+        top = secd_buf + result;
+        while (itr < top) {
+                etd = itr;
+                if (top - itr < sizeof(*etd)) {
+                        dev_err(dev, "BUG: bad device security descriptor; "
+                                "not enough data (%zu vs %zu bytes left)\n",
+                                top - itr, sizeof(*etd));
+                        break;
+                }
+                if (etd->bLength < sizeof(*etd)) {
+                        dev_err(dev, "BUG: bad device encryption descriptor; "
+                                "descriptor is too short "
+                                "(%u vs %zu needed)\n",
+                                etd->bLength, sizeof(*etd));
+                        break;
+                }
+                itr += etd->bLength;
+                bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
+                                  "%s (0x%02x/%02x) ",
+                                  wusb_et_name(etd->bEncryptionType),
+                                  etd->bEncryptionValue, etd->bAuthKeyIndex);
+                if (etd->bEncryptionType == USB_ENC_TYPE_CCM_1)
+                        ccm1_etd = etd;
+        }
+        /* This code only supports CCM1 as of now. */
+        /* FIXME: user has to choose which sec mode to use?
+         * In theory we want CCM */
+        if (ccm1_etd == NULL) {
+                dev_err(dev, "WUSB device doesn't support CCM1 encryption, "
+                        "can't use!\n");
+                result = -EINVAL;
+                goto error_no_ccm1;
+        }
+        wusb_dev->ccm1_etd = *ccm1_etd;
+        dev_info(dev, "supported encryption: %s; using %s (0x%02x/%02x)\n",
+                 buf, wusb_et_name(ccm1_etd->bEncryptionType),
+                 ccm1_etd->bEncryptionValue, ccm1_etd->bAuthKeyIndex);
+        result = 0;
+        kfree(secd_buf);
+out:
+        d_fnend(3, dev, "(usb_dev %p, wusb_dev %p) = %d\n",
+                usb_dev, wusb_dev, result);
+        return result;
+error_no_ccm1:
+error_secd_all:
+        kfree(secd_buf);
+error_secd_alloc:
+error_secd:
+        goto out;
+}
+void wusb_dev_sec_rm(struct wusb_dev *wusb_dev)
+{
+        /* Nothing so far */
+}
+static void hs_printk(unsigned level, struct device *dev,
+                      struct usb_handshake *hs)
+{
+        d_printf(level, dev,
+                 "  bMessageNumber: %u\n"
+                 "  bStatus:        %u\n"
+                 "  tTKID:          %02x %02x %02x\n"
+                 "  CDID:           %02x %02x %02x %02x %02x %02x %02x %02x\n"
+                 "                  %02x %02x %02x %02x %02x %02x %02x %02x\n"
+                 "  nonce:          %02x %02x %02x %02x %02x %02x %02x %02x\n"
+                 "                  %02x %02x %02x %02x %02x %02x %02x %02x\n"
+                 "  MIC:            %02x %02x %02x %02x %02x %02x %02x %02x\n",
+                 hs->bMessageNumber, hs->bStatus,
+                 hs->tTKID[2], hs->tTKID[1], hs->tTKID[0],
+                 hs->CDID[0], hs->CDID[1], hs->CDID[2], hs->CDID[3],
+                 hs->CDID[4], hs->CDID[5], hs->CDID[6], hs->CDID[7],
+                 hs->CDID[8], hs->CDID[9], hs->CDID[10], hs->CDID[11],
+                 hs->CDID[12], hs->CDID[13], hs->CDID[14], hs->CDID[15],
+                 hs->nonce[0], hs->nonce[1], hs->nonce[2], hs->nonce[3],
+                 hs->nonce[4], hs->nonce[5], hs->nonce[6], hs->nonce[7],
+                 hs->nonce[8], hs->nonce[9], hs->nonce[10], hs->nonce[11],
+                 hs->nonce[12], hs->nonce[13], hs->nonce[14], hs->nonce[15],
+                 hs->MIC[0], hs->MIC[1], hs->MIC[2], hs->MIC[3],
+                 hs->MIC[4], hs->MIC[5], hs->MIC[6], hs->MIC[7]);
+}
+/**
+ * Update the address of an unauthenticated WUSB device
+ *
+ * Once we have successfully authenticated, we take it to addr0 state
+ * and then to a normal address.
+ *
+ * Before the device's address (as known by it) was usb_dev->devnum |
+ * 0x80 (unauthenticated address). With this we update it to usb_dev->devnum.
+ */
+static int wusb_dev_update_address(struct wusbhc *wusbhc,
+                                   struct wusb_dev *wusb_dev)
+{
+        int result = -ENOMEM;
+        struct usb_device *usb_dev = wusb_dev->usb_dev;
+        struct device *dev = &usb_dev->dev;
+        u8 new_address = wusb_dev->addr & 0x7F;
+        /* Set address 0 */
+        result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
+                                 USB_REQ_SET_ADDRESS, 0,
+                                 0, 0, NULL, 0, 1000 /* FIXME: arbitrary */);
+        if (result < 0) {
+                dev_err(dev, "auth failed: can't set address 0: %d\n",
+                        result);
+                goto error_addr0;
+        }
+        result = wusb_set_dev_addr(wusbhc, wusb_dev, 0);
+        if (result < 0)
+                goto error_addr0;
+        usb_ep0_reinit(usb_dev);
+        /* Set new (authenticated) address. */
+        result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
+                                 USB_REQ_SET_ADDRESS, 0,
+                                 new_address, 0, NULL, 0,
+                                 1000 /* FIXME: arbitrary */);
+        if (result < 0) {
+                dev_err(dev, "auth failed: can't set address %u: %d\n",
+                        new_address, result);
+                goto error_addr;
+        }
+        result = wusb_set_dev_addr(wusbhc, wusb_dev, new_address);
+        if (result < 0)
+                goto error_addr;
+        usb_ep0_reinit(usb_dev);
+        usb_dev->authenticated = 1;
+error_addr:
+error_addr0:
+        return result;
+}
+/*
+ *
+ *
+ */
+/* FIXME: split and cleanup */
+int wusb_dev_4way_handshake(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev,
+                            struct wusb_ckhdid *ck)
+{
+        int result = -ENOMEM;
+        struct usb_device *usb_dev = wusb_dev->usb_dev;
+        struct device *dev = &usb_dev->dev;
+        u32 tkid;
+        __le32 tkid_le;
+        struct usb_handshake *hs;
+        struct aes_ccm_nonce ccm_n;
+        u8 mic[8];
+        struct wusb_keydvt_in keydvt_in;
+        struct wusb_keydvt_out keydvt_out;
+        hs = kzalloc(3*sizeof(hs[0]), GFP_KERNEL);
+        if (hs == NULL) {
+                dev_err(dev, "can't allocate handshake data\n");
+                goto error_kzalloc;
+        }
+        /* We need to turn encryption before beginning the 4way
+         * hshake (WUSB1.0[.3.2.2]) */
+        result = wusb_dev_set_encryption(usb_dev, 1);
+        if (result < 0)
+                goto error_dev_set_encryption;
+        tkid = wusbhc_next_tkid(wusbhc, wusb_dev);
+        tkid_le = cpu_to_le32(tkid);
+        hs[0].bMessageNumber = 1;
+        hs[0].bStatus = 0;
+        memcpy(hs[0].tTKID, &tkid_le, sizeof(hs[0].tTKID));
+        hs[0].bReserved = 0;
+        memcpy(hs[0].CDID, &wusb_dev->cdid, sizeof(hs[0].CDID));
+        get_random_bytes(&hs[0].nonce, sizeof(hs[0].nonce));
+        memset(hs[0].MIC, 0, sizeof(hs[0].MIC));        /* Per WUSB1.0[T7-22] */
+        d_printf(1, dev, "I: sending hs1:\n");
+        hs_printk(2, dev, &hs[0]);
+        result = usb_control_msg(
+                usb_dev, usb_sndctrlpipe(usb_dev, 0),
+                USB_REQ_SET_HANDSHAKE,
+                USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                1, 0, &hs[0], sizeof(hs[0]), 1000 /* FIXME: arbitrary */);
+        if (result < 0) {
+                dev_err(dev, "Handshake1: request failed: %d\n", result);
+                goto error_hs1;
+        }
+        /* Handshake 2, from the device -- need to verify fields */
+        result = usb_control_msg(
+                usb_dev, usb_rcvctrlpipe(usb_dev, 0),
+                USB_REQ_GET_HANDSHAKE,
+                USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                2, 0, &hs[1], sizeof(hs[1]), 1000 /* FIXME: arbitrary */);
+        if (result < 0) {
+                dev_err(dev, "Handshake2: request failed: %d\n", result);
+                goto error_hs2;
+        }
+        d_printf(1, dev, "got HS2:\n");
+        hs_printk(2, dev, &hs[1]);
+        result = -EINVAL;
+        if (hs[1].bMessageNumber != 2) {
+                dev_err(dev, "Handshake2 failed: bad message number %u\n",
+                        hs[1].bMessageNumber);
+                goto error_hs2;
+        }
+        if (hs[1].bStatus != 0) {
+                dev_err(dev, "Handshake2 failed: bad status %u\n",
+                        hs[1].bStatus);
+                goto error_hs2;
+        }
+        if (memcmp(hs[0].tTKID, hs[1].tTKID, sizeof(hs[0].tTKID))) {
+                dev_err(dev, "Handshake2 failed: TKID mismatch "
+                        "(#1 0x%02x%02x%02x vs #2 0x%02x%02x%02x)\n",
+                        hs[0].tTKID[0], hs[0].tTKID[1], hs[0].tTKID[2],
+                        hs[1].tTKID[0], hs[1].tTKID[1], hs[1].tTKID[2]);
+                goto error_hs2;
+        }
+        if (memcmp(hs[0].CDID, hs[1].CDID, sizeof(hs[0].CDID))) {
+                dev_err(dev, "Handshake2 failed: CDID mismatch\n");
+                goto error_hs2;
+        }
+        /* Setup the CCM nonce */
+        memset(&ccm_n.sfn, 0, sizeof(ccm_n.sfn));       /* Per WUSB1.0[6.5.2] */
+        memcpy(ccm_n.tkid, &tkid_le, sizeof(ccm_n.tkid));
+        ccm_n.src_addr = wusbhc->uwb_rc->uwb_dev.dev_addr;
+        ccm_n.dest_addr.data[0] = wusb_dev->addr;
+        ccm_n.dest_addr.data[1] = 0;
+        /* Derive the KCK and PTK from CK, the CCM, H and D nonces */
+        memcpy(keydvt_in.hnonce, hs[0].nonce, sizeof(keydvt_in.hnonce));
+        memcpy(keydvt_in.dnonce, hs[1].nonce, sizeof(keydvt_in.dnonce));
+        result = wusb_key_derive(&keydvt_out, ck->data, &ccm_n, &keydvt_in);
+        if (result < 0) {
+                dev_err(dev, "Handshake2 failed: cannot derive keys: %d\n",
+                        result);
+                goto error_hs2;
+        }
+        d_printf(2, dev, "KCK:\n");
+        d_dump(2, dev, keydvt_out.kck, sizeof(keydvt_out.kck));
+        d_printf(2, dev, "PTK:\n");
+        d_dump(2, dev, keydvt_out.ptk, sizeof(keydvt_out.ptk));
+        /* Compute MIC and verify it */
+        result = wusb_oob_mic(mic, keydvt_out.kck, &ccm_n, &hs[1]);
+        if (result < 0) {
+                dev_err(dev, "Handshake2 failed: cannot compute MIC: %d\n",
+                        result);
+                goto error_hs2;
+        }
+        d_printf(2, dev, "MIC:\n");
+        d_dump(2, dev, mic, sizeof(mic));
+        if (memcmp(hs[1].MIC, mic, sizeof(hs[1].MIC))) {
+                dev_err(dev, "Handshake2 failed: MIC mismatch\n");
+                goto error_hs2;
+        }
+        /* Send Handshake3 */
+        hs[2].bMessageNumber = 3;
+        hs[2].bStatus = 0;
+        memcpy(hs[2].tTKID, &tkid_le, sizeof(hs[2].tTKID));
+        hs[2].bReserved = 0;
+        memcpy(hs[2].CDID, &wusb_dev->cdid, sizeof(hs[2].CDID));
+        memcpy(hs[2].nonce, hs[0].nonce, sizeof(hs[2].nonce));
+        result = wusb_oob_mic(hs[2].MIC, keydvt_out.kck, &ccm_n, &hs[2]);
+        if (result < 0) {
+                dev_err(dev, "Handshake3 failed: cannot compute MIC: %d\n",
+                        result);
+                goto error_hs2;
+        }
+        d_printf(1, dev, "I: sending hs3:\n");
+        hs_printk(2, dev, &hs[2]);
+        result = usb_control_msg(
+                usb_dev, usb_sndctrlpipe(usb_dev, 0),
+                USB_REQ_SET_HANDSHAKE,
+                USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
+                3, 0, &hs[2], sizeof(hs[2]), 1000 /* FIXME: arbitrary */);
+        if (result < 0) {
+                dev_err(dev, "Handshake3: request failed: %d\n", result);
+                goto error_hs3;
+        }
+        d_printf(1, dev, "I: turning on encryption on host for device\n");
+        d_dump(2, dev, keydvt_out.ptk, sizeof(keydvt_out.ptk));
+        result = wusbhc->set_ptk(wusbhc, wusb_dev->port_idx, tkid,
+                                 keydvt_out.ptk, sizeof(keydvt_out.ptk));
+        if (result < 0)
+                goto error_wusbhc_set_ptk;
+        d_printf(1, dev, "I: setting a GTK\n");
+        result = wusb_dev_set_gtk(wusbhc, wusb_dev);
+        if (result < 0) {
+                dev_err(dev, "Set GTK for device: request failed: %d\n",
+                        result);
+                goto error_wusbhc_set_gtk;
+        }
+        /* Update the device's address from unauth to auth */
+        if (usb_dev->authenticated == 0) {
+                d_printf(1, dev, "I: updating addres to auth from non-auth\n");
+                result = wusb_dev_update_address(wusbhc, wusb_dev);
+                if (result < 0)
+                        goto error_dev_update_address;
+        }
+        result = 0;
+        d_printf(1, dev, "I: 4way handshke done, device authenticated\n");
+error_dev_update_address:
+error_wusbhc_set_gtk:
+error_wusbhc_set_ptk:
+error_hs3:
+error_hs2:
+error_hs1:
+        memset(hs, 0, 3*sizeof(hs[0]));
+        memset(&keydvt_out, 0, sizeof(keydvt_out));
+        memset(&keydvt_in, 0, sizeof(keydvt_in));
+        memset(&ccm_n, 0, sizeof(ccm_n));
+        memset(mic, 0, sizeof(mic));
+        if (result < 0) {
+                /* error path */
+                wusb_dev_set_encryption(usb_dev, 0);
+        }
+error_dev_set_encryption:
+        kfree(hs);
+error_kzalloc:
+        return result;
+}
+/*
+ * Once all connected and authenticated devices have received the new
+ * GTK, switch the host to using it.
+ */
+static void wusbhc_gtk_rekey_done_work(struct work_struct *work)
+{
+        struct wusbhc *wusbhc = container_of(work, struct wusbhc, gtk_rekey_done_work);
+        size_t key_size = sizeof(wusbhc->gtk.data);
+        mutex_lock(&wusbhc->mutex);
+        if (--wusbhc->pending_set_gtks == 0)
+                wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid, &wusbhc->gtk.descr.bKeyData, key_size);
+        mutex_unlock(&wusbhc->mutex);
+}
+static void wusbhc_set_gtk_callback(struct urb *urb)
+{
+        struct wusbhc *wusbhc = urb->context;
+        queue_work(wusbd, &wusbhc->gtk_rekey_done_work);
+}
+/**
+ * wusbhc_gtk_rekey - generate and distribute a new GTK
+ * @wusbhc: the WUSB host controller
+ *
+ * Generate a new GTK and distribute it to all connected and
+ * authenticated devices.  When all devices have the new GTK, the host
+ * starts using it.
+ *
+ * This must be called after every device disconnect (see [WUSB]
+ * section 6.2.11.2).
+ */
+void wusbhc_gtk_rekey(struct wusbhc *wusbhc)
+{
+        static const size_t key_size = sizeof(wusbhc->gtk.data);
+        int p;
+        wusbhc_generate_gtk(wusbhc);
+        for (p = 0; p < wusbhc->ports_max; p++) {
+                struct wusb_dev *wusb_dev;
+                wusb_dev = wusbhc->port[p].wusb_dev;
+                if (!wusb_dev || !wusb_dev->usb_dev | !wusb_dev->usb_dev->authenticated)
+                        continue;
+                usb_fill_control_urb(wusb_dev->set_gtk_urb, wusb_dev->usb_dev,
+                                     usb_sndctrlpipe(wusb_dev->usb_dev, 0),
+                                     (void *)wusb_dev->set_gtk_req,
+                                     &wusbhc->gtk.descr, wusbhc->gtk.descr.bLength,
+                                     wusbhc_set_gtk_callback, wusbhc);
+                if (usb_submit_urb(wusb_dev->set_gtk_urb, GFP_KERNEL) == 0)
+                        wusbhc->pending_set_gtks++;
+        }
+        if (wusbhc->pending_set_gtks == 0)
+                wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid, &wusbhc->gtk.descr.bKeyData, key_size);
+}

diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c new file mode 100644 index 00000000000..a101cad6a8d --- /dev/null +++ b/drivers/usb/wusbcore/security.c
@@ -0,0 +1,642 @@
	1	/*
	2	* Wireless USB Host Controller
	3	* Security support: encryption enablement, etc
	4	*
	5	* Copyright (C) 2006 Intel Corporation
	6	* Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
	7	*
	8	* This program is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU General Public License version
	10	* 2 as published by the Free Software Foundation.
	11	*
	12	* This program is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this program; if not, write to the Free Software
	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
	20	* 02110-1301, USA.
	21	*
	22	*
	23	* FIXME: docs
	24	*/
	25	#include <linux/types.h>
	26	#include <linux/usb/ch9.h>
	27	#include <linux/random.h>
	28	#include "wusbhc.h"
	29
	30	/*
	31	* DEBUG & SECURITY WARNING!!!!
	32	*
	33	* If you enable this past 1, the debug code will weaken the
	34	* cryptographic safety of the system (on purpose, for debugging).
	35	*
	36	* Weaken means:
	37	* we print secret keys and intermediate values all the way,
	38	*/
	39	#undef D_LOCAL
	40	#define D_LOCAL 2
	41	#include <linux/uwb/debug.h>
	42
	43	static void wusbhc_set_gtk_callback(struct urb *urb);
	44	static void wusbhc_gtk_rekey_done_work(struct work_struct *work);
	45
	46	int wusbhc_sec_create(struct wusbhc *wusbhc)
	47	{
	48	wusbhc->gtk.descr.bLength = sizeof(wusbhc->gtk.descr) + sizeof(wusbhc->gtk.data);
	49	wusbhc->gtk.descr.bDescriptorType = USB_DT_KEY;
	50	wusbhc->gtk.descr.bReserved = 0;
	51
	52	wusbhc->gtk_index = wusb_key_index(0, WUSB_KEY_INDEX_TYPE_GTK,
	53	WUSB_KEY_INDEX_ORIGINATOR_HOST);
	54
	55	INIT_WORK(&wusbhc->gtk_rekey_done_work, wusbhc_gtk_rekey_done_work);
	56
	57	return 0;
	58	}
	59
	60
	61	/* Called when the HC is destroyed */
	62	void wusbhc_sec_destroy(struct wusbhc *wusbhc)
	63	{
	64	}
	65
	66
	67	/**
	68	* wusbhc_next_tkid - generate a new, currently unused, TKID
	69	* @wusbhc: the WUSB host controller
	70	* @wusb_dev: the device whose PTK the TKID is for
	71	* (or NULL for a TKID for a GTK)
	72	*
	73	* The generated TKID consist of two parts: the device's authenicated
	74	* address (or 0 or a GTK); and an incrementing number. This ensures
	75	* that TKIDs cannot be shared between devices and by the time the
	76	* incrementing number wraps around the older TKIDs will no longer be
	77	* in use (a maximum of two keys may be active at any one time).
	78	*/
	79	static u32 wusbhc_next_tkid(struct wusbhc wusbhc, struct wusb_dev wusb_dev)
	80	{
	81	u32 *tkid;
	82	u32 addr;
	83
	84	if (wusb_dev == NULL) {
	85	tkid = &wusbhc->gtk_tkid;
	86	addr = 0;
	87	} else {
	88	tkid = &wusb_port_by_idx(wusbhc, wusb_dev->port_idx)->ptk_tkid;
	89	addr = wusb_dev->addr & 0x7f;
	90	}
	91
	92	tkid = (addr << 8) \| ((tkid + 1) & 0xff);
	93
	94	return *tkid;
	95	}
	96
	97	static void wusbhc_generate_gtk(struct wusbhc *wusbhc)
	98	{
	99	const size_t key_size = sizeof(wusbhc->gtk.data);
	100	u32 tkid;
	101
	102	tkid = wusbhc_next_tkid(wusbhc, NULL);
	103
	104	wusbhc->gtk.descr.tTKID[0] = (tkid >> 0) & 0xff;
	105	wusbhc->gtk.descr.tTKID[1] = (tkid >> 8) & 0xff;
	106	wusbhc->gtk.descr.tTKID[2] = (tkid >> 16) & 0xff;
	107
	108	get_random_bytes(wusbhc->gtk.descr.bKeyData, key_size);
	109	}
	110
	111	/**
	112	* wusbhc_sec_start - start the security management process
	113	* @wusbhc: the WUSB host controller
	114	*
	115	* Generate and set an initial GTK on the host controller.
	116	*
	117	* Called when the HC is started.
	118	*/
	119	int wusbhc_sec_start(struct wusbhc *wusbhc)
	120	{
	121	const size_t key_size = sizeof(wusbhc->gtk.data);
	122	int result;
	123
	124	wusbhc_generate_gtk(wusbhc);
	125
	126	result = wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid,
	127	&wusbhc->gtk.descr.bKeyData, key_size);
	128	if (result < 0)
	129	dev_err(wusbhc->dev, "cannot set GTK for the host: %d\n",
	130	result);
	131
	132	return result;
	133	}
	134
	135	/**
	136	* wusbhc_sec_stop - stop the security management process
	137	* @wusbhc: the WUSB host controller
	138	*
	139	* Wait for any pending GTK rekeys to stop.
	140	*/
	141	void wusbhc_sec_stop(struct wusbhc *wusbhc)
	142	{
	143	cancel_work_sync(&wusbhc->gtk_rekey_done_work);
	144	}
	145
	146
	147	/** @returns encryption type name */
	148	const char *wusb_et_name(u8 x)
	149	{
	150	switch (x) {
	151	case USB_ENC_TYPE_UNSECURE: return "unsecure";
	152	case USB_ENC_TYPE_WIRED: return "wired";
	153	case USB_ENC_TYPE_CCM_1: return "CCM-1";
	154	case USB_ENC_TYPE_RSA_1: return "RSA-1";
	155	default: return "unknown";
	156	}
	157	}
	158	EXPORT_SYMBOL_GPL(wusb_et_name);
	159
	160	/*
	161	* Set the device encryption method
	162	*
	163	* We tell the device which encryption method to use; we do this when
	164	* setting up the device's security.
	165	*/
	166	static int wusb_dev_set_encryption(struct usb_device *usb_dev, int value)
	167	{
	168	int result;
	169	struct device *dev = &usb_dev->dev;
	170	struct wusb_dev *wusb_dev = usb_dev->wusb_dev;
	171
	172	if (value) {
	173	value = wusb_dev->ccm1_etd.bEncryptionValue;
	174	} else {
	175	/* FIXME: should be wusb_dev->etd[UNSECURE].bEncryptionValue */
	176	value = 0;
	177	}
	178	/* Set device's */
	179	result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
	180	USB_REQ_SET_ENCRYPTION,
	181	USB_DIR_OUT \| USB_TYPE_STANDARD \| USB_RECIP_DEVICE,
	182	value, 0, NULL, 0, 1000 /* FIXME: arbitrary */);
	183	if (result < 0)
	184	dev_err(dev, "Can't set device's WUSB encryption to "
	185	"%s (value %d): %d\n",
	186	wusb_et_name(wusb_dev->ccm1_etd.bEncryptionType),
	187	wusb_dev->ccm1_etd.bEncryptionValue, result);
	188	return result;
	189	}
	190
	191	/*
	192	* Set the GTK to be used by a device.
	193	*
	194	* The device must be authenticated.
	195	*/
	196	static int wusb_dev_set_gtk(struct wusbhc wusbhc, struct wusb_dev wusb_dev)
	197	{
	198	struct usb_device *usb_dev = wusb_dev->usb_dev;
	199
	200	return usb_control_msg(
	201	usb_dev, usb_sndctrlpipe(usb_dev, 0),
	202	USB_REQ_SET_DESCRIPTOR,
	203	USB_DIR_OUT \| USB_TYPE_STANDARD \| USB_RECIP_DEVICE,
	204	USB_DT_KEY << 8 \| wusbhc->gtk_index, 0,
	205	&wusbhc->gtk.descr, wusbhc->gtk.descr.bLength,
	206	1000);
	207	}
	208
	209
	210	/* FIXME: prototype for adding security */
	211	int wusb_dev_sec_add(struct wusbhc *wusbhc,
	212	struct usb_device usb_dev, struct wusb_dev wusb_dev)
	213	{
	214	int result, bytes, secd_size;
	215	struct device *dev = &usb_dev->dev;
	216	struct usb_security_descriptor secd;
	217	const struct usb_encryption_descriptor etd, ccm1_etd = NULL;
	218	void *secd_buf;
	219	const void itr, top;
	220	char buf[64];
	221
	222	d_fnstart(3, dev, "(usb_dev %p, wusb_dev %p)\n", usb_dev, wusb_dev);
	223	result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
	224	0, &secd, sizeof(secd));
	225	if (result < sizeof(secd)) {
	226	dev_err(dev, "Can't read security descriptor or "
	227	"not enough data: %d\n", result);
	228	goto error_secd;
	229	}
	230	secd_size = le16_to_cpu(secd.wTotalLength);
	231	d_printf(5, dev, "got %d bytes of sec descriptor, total is %d\n",
	232	result, secd_size);
	233	secd_buf = kmalloc(secd_size, GFP_KERNEL);
	234	if (secd_buf == NULL) {
	235	dev_err(dev, "Can't allocate space for security descriptors\n");
	236	goto error_secd_alloc;
	237	}
	238	result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
	239	0, secd_buf, secd_size);
	240	if (result < secd_size) {
	241	dev_err(dev, "Can't read security descriptor or "
	242	"not enough data: %d\n", result);
	243	goto error_secd_all;
	244	}
	245	d_printf(5, dev, "got %d bytes of sec descriptors\n", result);
	246	bytes = 0;
	247	itr = secd_buf + sizeof(secd);
	248	top = secd_buf + result;
	249	while (itr < top) {
	250	etd = itr;
	251	if (top - itr < sizeof(*etd)) {
	252	dev_err(dev, "BUG: bad device security descriptor; "
	253	"not enough data (%zu vs %zu bytes left)\n",
	254	top - itr, sizeof(*etd));
	255	break;
	256	}
	257	if (etd->bLength < sizeof(*etd)) {
	258	dev_err(dev, "BUG: bad device encryption descriptor; "
	259	"descriptor is too short "
	260	"(%u vs %zu needed)\n",
	261	etd->bLength, sizeof(*etd));
	262	break;
	263	}
	264	itr += etd->bLength;
	265	bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
	266	"%s (0x%02x/%02x) ",
	267	wusb_et_name(etd->bEncryptionType),
	268	etd->bEncryptionValue, etd->bAuthKeyIndex);
	269	if (etd->bEncryptionType == USB_ENC_TYPE_CCM_1)
	270	ccm1_etd = etd;
	271	}
	272	/* This code only supports CCM1 as of now. */
	273	/* FIXME: user has to choose which sec mode to use?
	274	* In theory we want CCM */
	275	if (ccm1_etd == NULL) {
	276	dev_err(dev, "WUSB device doesn't support CCM1 encryption, "
	277	"can't use!\n");
	278	result = -EINVAL;
	279	goto error_no_ccm1;
	280	}
	281	wusb_dev->ccm1_etd = *ccm1_etd;
	282	dev_info(dev, "supported encryption: %s; using %s (0x%02x/%02x)\n",
	283	buf, wusb_et_name(ccm1_etd->bEncryptionType),
	284	ccm1_etd->bEncryptionValue, ccm1_etd->bAuthKeyIndex);
	285	result = 0;
	286	kfree(secd_buf);
	287	out:
	288	d_fnend(3, dev, "(usb_dev %p, wusb_dev %p) = %d\n",
	289	usb_dev, wusb_dev, result);
	290	return result;
	291
	292
	293	error_no_ccm1:
	294	error_secd_all:
	295	kfree(secd_buf);
	296	error_secd_alloc:
	297	error_secd:
	298	goto out;
	299	}
	300
	301	void wusb_dev_sec_rm(struct wusb_dev *wusb_dev)
	302	{
	303	/* Nothing so far */
	304	}
	305
	306	static void hs_printk(unsigned level, struct device *dev,
	307	struct usb_handshake *hs)
	308	{
	309	d_printf(level, dev,
	310	" bMessageNumber: %u\n"
	311	" bStatus: %u\n"
	312	" tTKID: %02x %02x %02x\n"
	313	" CDID: %02x %02x %02x %02x %02x %02x %02x %02x\n"
	314	" %02x %02x %02x %02x %02x %02x %02x %02x\n"
	315	" nonce: %02x %02x %02x %02x %02x %02x %02x %02x\n"
	316	" %02x %02x %02x %02x %02x %02x %02x %02x\n"
	317	" MIC: %02x %02x %02x %02x %02x %02x %02x %02x\n",
	318	hs->bMessageNumber, hs->bStatus,
	319	hs->tTKID[2], hs->tTKID[1], hs->tTKID[0],
	320	hs->CDID[0], hs->CDID[1], hs->CDID[2], hs->CDID[3],
	321	hs->CDID[4], hs->CDID[5], hs->CDID[6], hs->CDID[7],
	322	hs->CDID[8], hs->CDID[9], hs->CDID[10], hs->CDID[11],
	323	hs->CDID[12], hs->CDID[13], hs->CDID[14], hs->CDID[15],
	324	hs->nonce[0], hs->nonce[1], hs->nonce[2], hs->nonce[3],
	325	hs->nonce[4], hs->nonce[5], hs->nonce[6], hs->nonce[7],
	326	hs->nonce[8], hs->nonce[9], hs->nonce[10], hs->nonce[11],
	327	hs->nonce[12], hs->nonce[13], hs->nonce[14], hs->nonce[15],
	328	hs->MIC[0], hs->MIC[1], hs->MIC[2], hs->MIC[3],
	329	hs->MIC[4], hs->MIC[5], hs->MIC[6], hs->MIC[7]);
	330	}
	331
	332	/**
	333	* Update the address of an unauthenticated WUSB device
	334	*
	335	* Once we have successfully authenticated, we take it to addr0 state
	336	* and then to a normal address.
	337	*
	338	* Before the device's address (as known by it) was usb_dev->devnum \|
	339	* 0x80 (unauthenticated address). With this we update it to usb_dev->devnum.
	340	*/
	341	static int wusb_dev_update_address(struct wusbhc *wusbhc,
	342	struct wusb_dev *wusb_dev)
	343	{
	344	int result = -ENOMEM;
	345	struct usb_device *usb_dev = wusb_dev->usb_dev;
	346	struct device *dev = &usb_dev->dev;
	347	u8 new_address = wusb_dev->addr & 0x7F;
	348
	349	/* Set address 0 */
	350	result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
	351	USB_REQ_SET_ADDRESS, 0,
	352	0, 0, NULL, 0, 1000 /* FIXME: arbitrary */);
	353	if (result < 0) {
	354	dev_err(dev, "auth failed: can't set address 0: %d\n",
	355	result);
	356	goto error_addr0;
	357	}
	358	result = wusb_set_dev_addr(wusbhc, wusb_dev, 0);
	359	if (result < 0)
	360	goto error_addr0;
	361	usb_ep0_reinit(usb_dev);
	362
	363	/* Set new (authenticated) address. */
	364	result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
	365	USB_REQ_SET_ADDRESS, 0,
	366	new_address, 0, NULL, 0,
	367	1000 /* FIXME: arbitrary */);
	368	if (result < 0) {
	369	dev_err(dev, "auth failed: can't set address %u: %d\n",
	370	new_address, result);
	371	goto error_addr;
	372	}
	373	result = wusb_set_dev_addr(wusbhc, wusb_dev, new_address);
	374	if (result < 0)
	375	goto error_addr;
	376	usb_ep0_reinit(usb_dev);
	377	usb_dev->authenticated = 1;
	378	error_addr:
	379	error_addr0:
	380	return result;
	381	}
	382
	383	/*
	384	*
	385	*
	386	*/
	387	/* FIXME: split and cleanup */
	388	int wusb_dev_4way_handshake(struct wusbhc wusbhc, struct wusb_dev wusb_dev,
	389	struct wusb_ckhdid *ck)
	390	{
	391	int result = -ENOMEM;
	392	struct usb_device *usb_dev = wusb_dev->usb_dev;
	393	struct device *dev = &usb_dev->dev;
	394	u32 tkid;
	395	__le32 tkid_le;
	396	struct usb_handshake *hs;
	397	struct aes_ccm_nonce ccm_n;
	398	u8 mic[8];
	399	struct wusb_keydvt_in keydvt_in;
	400	struct wusb_keydvt_out keydvt_out;
	401
	402	hs = kzalloc(3*sizeof(hs[0]), GFP_KERNEL);
	403	if (hs == NULL) {
	404	dev_err(dev, "can't allocate handshake data\n");
	405	goto error_kzalloc;
	406	}
	407
	408	/* We need to turn encryption before beginning the 4way
	409	* hshake (WUSB1.0[.3.2.2]) */
	410	result = wusb_dev_set_encryption(usb_dev, 1);
	411	if (result < 0)
	412	goto error_dev_set_encryption;
	413
	414	tkid = wusbhc_next_tkid(wusbhc, wusb_dev);
	415	tkid_le = cpu_to_le32(tkid);
	416
	417	hs[0].bMessageNumber = 1;
	418	hs[0].bStatus = 0;
	419	memcpy(hs[0].tTKID, &tkid_le, sizeof(hs[0].tTKID));
	420	hs[0].bReserved = 0;
	421	memcpy(hs[0].CDID, &wusb_dev->cdid, sizeof(hs[0].CDID));
	422	get_random_bytes(&hs[0].nonce, sizeof(hs[0].nonce));
	423	memset(hs[0].MIC, 0, sizeof(hs[0].MIC)); /* Per WUSB1.0[T7-22] */
	424
	425	d_printf(1, dev, "I: sending hs1:\n");
	426	hs_printk(2, dev, &hs[0]);
	427
	428	result = usb_control_msg(
	429	usb_dev, usb_sndctrlpipe(usb_dev, 0),
	430	USB_REQ_SET_HANDSHAKE,
	431	USB_DIR_OUT \| USB_TYPE_STANDARD \| USB_RECIP_DEVICE,
	432	1, 0, &hs[0], sizeof(hs[0]), 1000 /* FIXME: arbitrary */);
	433	if (result < 0) {
	434	dev_err(dev, "Handshake1: request failed: %d\n", result);
	435	goto error_hs1;
	436	}
	437
	438	/* Handshake 2, from the device -- need to verify fields */
	439	result = usb_control_msg(
	440	usb_dev, usb_rcvctrlpipe(usb_dev, 0),
	441	USB_REQ_GET_HANDSHAKE,
	442	USB_DIR_IN \| USB_TYPE_STANDARD \| USB_RECIP_DEVICE,
	443	2, 0, &hs[1], sizeof(hs[1]), 1000 /* FIXME: arbitrary */);
	444	if (result < 0) {
	445	dev_err(dev, "Handshake2: request failed: %d\n", result);
	446	goto error_hs2;
	447	}
	448	d_printf(1, dev, "got HS2:\n");
	449	hs_printk(2, dev, &hs[1]);
	450
	451	result = -EINVAL;
	452	if (hs[1].bMessageNumber != 2) {
	453	dev_err(dev, "Handshake2 failed: bad message number %u\n",
	454	hs[1].bMessageNumber);
	455	goto error_hs2;
	456	}
	457	if (hs[1].bStatus != 0) {
	458	dev_err(dev, "Handshake2 failed: bad status %u\n",
	459	hs[1].bStatus);
	460	goto error_hs2;
	461	}
	462	if (memcmp(hs[0].tTKID, hs[1].tTKID, sizeof(hs[0].tTKID))) {
	463	dev_err(dev, "Handshake2 failed: TKID mismatch "
	464	"(#1 0x%02x%02x%02x vs #2 0x%02x%02x%02x)\n",
	465	hs[0].tTKID[0], hs[0].tTKID[1], hs[0].tTKID[2],
	466	hs[1].tTKID[0], hs[1].tTKID[1], hs[1].tTKID[2]);
	467	goto error_hs2;
	468	}
	469	if (memcmp(hs[0].CDID, hs[1].CDID, sizeof(hs[0].CDID))) {
	470	dev_err(dev, "Handshake2 failed: CDID mismatch\n");
	471	goto error_hs2;
	472	}
	473
	474	/* Setup the CCM nonce */
	475	memset(&ccm_n.sfn, 0, sizeof(ccm_n.sfn)); /* Per WUSB1.0[6.5.2] */
	476	memcpy(ccm_n.tkid, &tkid_le, sizeof(ccm_n.tkid));
	477	ccm_n.src_addr = wusbhc->uwb_rc->uwb_dev.dev_addr;
	478	ccm_n.dest_addr.data[0] = wusb_dev->addr;
	479	ccm_n.dest_addr.data[1] = 0;
	480
	481	/* Derive the KCK and PTK from CK, the CCM, H and D nonces */
	482	memcpy(keydvt_in.hnonce, hs[0].nonce, sizeof(keydvt_in.hnonce));
	483	memcpy(keydvt_in.dnonce, hs[1].nonce, sizeof(keydvt_in.dnonce));
	484	result = wusb_key_derive(&keydvt_out, ck->data, &ccm_n, &keydvt_in);
	485	if (result < 0) {
	486	dev_err(dev, "Handshake2 failed: cannot derive keys: %d\n",
	487	result);
	488	goto error_hs2;
	489	}
	490	d_printf(2, dev, "KCK:\n");
	491	d_dump(2, dev, keydvt_out.kck, sizeof(keydvt_out.kck));
	492	d_printf(2, dev, "PTK:\n");
	493	d_dump(2, dev, keydvt_out.ptk, sizeof(keydvt_out.ptk));
	494
	495	/* Compute MIC and verify it */
	496	result = wusb_oob_mic(mic, keydvt_out.kck, &ccm_n, &hs[1]);
	497	if (result < 0) {
	498	dev_err(dev, "Handshake2 failed: cannot compute MIC: %d\n",
	499	result);
	500	goto error_hs2;
	501	}
	502
	503	d_printf(2, dev, "MIC:\n");
	504	d_dump(2, dev, mic, sizeof(mic));
	505	if (memcmp(hs[1].MIC, mic, sizeof(hs[1].MIC))) {
	506	dev_err(dev, "Handshake2 failed: MIC mismatch\n");
	507	goto error_hs2;
	508	}
	509
	510	/* Send Handshake3 */
	511	hs[2].bMessageNumber = 3;
	512	hs[2].bStatus = 0;
	513	memcpy(hs[2].tTKID, &tkid_le, sizeof(hs[2].tTKID));
	514	hs[2].bReserved = 0;
	515	memcpy(hs[2].CDID, &wusb_dev->cdid, sizeof(hs[2].CDID));
	516	memcpy(hs[2].nonce, hs[0].nonce, sizeof(hs[2].nonce));
	517	result = wusb_oob_mic(hs[2].MIC, keydvt_out.kck, &ccm_n, &hs[2]);
	518	if (result < 0) {
	519	dev_err(dev, "Handshake3 failed: cannot compute MIC: %d\n",
	520	result);
	521	goto error_hs2;
	522	}
	523
	524	d_printf(1, dev, "I: sending hs3:\n");
	525	hs_printk(2, dev, &hs[2]);
	526
	527	result = usb_control_msg(
	528	usb_dev, usb_sndctrlpipe(usb_dev, 0),
	529	USB_REQ_SET_HANDSHAKE,
	530	USB_DIR_OUT \| USB_TYPE_STANDARD \| USB_RECIP_DEVICE,
	531	3, 0, &hs[2], sizeof(hs[2]), 1000 /* FIXME: arbitrary */);
	532	if (result < 0) {
	533	dev_err(dev, "Handshake3: request failed: %d\n", result);
	534	goto error_hs3;
	535	}
	536
	537	d_printf(1, dev, "I: turning on encryption on host for device\n");
	538	d_dump(2, dev, keydvt_out.ptk, sizeof(keydvt_out.ptk));
	539	result = wusbhc->set_ptk(wusbhc, wusb_dev->port_idx, tkid,
	540	keydvt_out.ptk, sizeof(keydvt_out.ptk));
	541	if (result < 0)
	542	goto error_wusbhc_set_ptk;
	543
	544	d_printf(1, dev, "I: setting a GTK\n");
	545	result = wusb_dev_set_gtk(wusbhc, wusb_dev);
	546	if (result < 0) {
	547	dev_err(dev, "Set GTK for device: request failed: %d\n",
	548	result);
	549	goto error_wusbhc_set_gtk;
	550	}
	551
	552	/* Update the device's address from unauth to auth */
	553	if (usb_dev->authenticated == 0) {
	554	d_printf(1, dev, "I: updating addres to auth from non-auth\n");
	555	result = wusb_dev_update_address(wusbhc, wusb_dev);
	556	if (result < 0)
	557	goto error_dev_update_address;
	558	}
	559	result = 0;
	560	d_printf(1, dev, "I: 4way handshke done, device authenticated\n");
	561
	562	error_dev_update_address:
	563	error_wusbhc_set_gtk:
	564	error_wusbhc_set_ptk:
	565	error_hs3:
	566	error_hs2:
	567	error_hs1:
	568	memset(hs, 0, 3*sizeof(hs[0]));
	569	memset(&keydvt_out, 0, sizeof(keydvt_out));
	570	memset(&keydvt_in, 0, sizeof(keydvt_in));
	571	memset(&ccm_n, 0, sizeof(ccm_n));
	572	memset(mic, 0, sizeof(mic));
	573	if (result < 0) {
	574	/* error path */
	575	wusb_dev_set_encryption(usb_dev, 0);
	576	}
	577	error_dev_set_encryption:
	578	kfree(hs);
	579	error_kzalloc:
	580	return result;
	581	}
	582
	583	/*
	584	* Once all connected and authenticated devices have received the new
	585	* GTK, switch the host to using it.
	586	*/
	587	static void wusbhc_gtk_rekey_done_work(struct work_struct *work)
	588	{
	589	struct wusbhc *wusbhc = container_of(work, struct wusbhc, gtk_rekey_done_work);
	590	size_t key_size = sizeof(wusbhc->gtk.data);
	591
	592	mutex_lock(&wusbhc->mutex);
	593
	594	if (--wusbhc->pending_set_gtks == 0)
	595	wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid, &wusbhc->gtk.descr.bKeyData, key_size);
	596
	597	mutex_unlock(&wusbhc->mutex);
	598	}
	599
	600	static void wusbhc_set_gtk_callback(struct urb *urb)
	601	{
	602	struct wusbhc *wusbhc = urb->context;
	603
	604	queue_work(wusbd, &wusbhc->gtk_rekey_done_work);
	605	}
	606
	607	/**
	608	* wusbhc_gtk_rekey - generate and distribute a new GTK
	609	* @wusbhc: the WUSB host controller
	610	*
	611	* Generate a new GTK and distribute it to all connected and
	612	* authenticated devices. When all devices have the new GTK, the host
	613	* starts using it.
	614	*
	615	* This must be called after every device disconnect (see [WUSB]
	616	* section 6.2.11.2).
	617	*/
	618	void wusbhc_gtk_rekey(struct wusbhc *wusbhc)
	619	{
	620	static const size_t key_size = sizeof(wusbhc->gtk.data);
	621	int p;
	622
	623	wusbhc_generate_gtk(wusbhc);
	624
	625	for (p = 0; p < wusbhc->ports_max; p++) {
	626	struct wusb_dev *wusb_dev;
	627
	628	wusb_dev = wusbhc->port[p].wusb_dev;
	629	if (!wusb_dev \|\| !wusb_dev->usb_dev \| !wusb_dev->usb_dev->authenticated)
	630	continue;
	631
	632	usb_fill_control_urb(wusb_dev->set_gtk_urb, wusb_dev->usb_dev,
	633	usb_sndctrlpipe(wusb_dev->usb_dev, 0),
	634	(void *)wusb_dev->set_gtk_req,
	635	&wusbhc->gtk.descr, wusbhc->gtk.descr.bLength,
	636	wusbhc_set_gtk_callback, wusbhc);
	637	if (usb_submit_urb(wusb_dev->set_gtk_urb, GFP_KERNEL) == 0)
	638	wusbhc->pending_set_gtks++;
	639	}
	640	if (wusbhc->pending_set_gtks == 0)
	641	wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid, &wusbhc->gtk.descr.bKeyData, key_size);
	642	}